File _patchinfo of Package patchinfo

<patchinfo incident="1330">
  <packager>coolo</packager>
  <category>security</category>
  <rating>low</rating>
  <summary>rubygem-devise: fixed database input validation</summary>
  <description>
  A database input validation issue was fixed in rubygem-devise.

  Using a specially crafted request, an attacker could trick the
  database type conversion code into returning incorrect records. For
  some token values this could allow an attacker to bypass the proper
  checks and gain control of other accounts.

  http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
  </description>
<issue tracker="bnc" id="800955"/>
<issue tracker="cve" id="CVE-2013-0233"/>
</patchinfo>